Help building data table report

Elastic Stack Kibana
1

Hi everyone. I am trying to create a data table based on the sample logstash indeces provided here. I want the table to follow the following format:

Term/Keyword | # Total | # 200 (response) | # 404 (response) | # 503 (response)
IP Address (IP)
jpg (extension)
css (extension)
png (extension)
gif (extension)
php (extension)

Basically, I want to get total count of IP addresses across all events and the total count of each extension across all events. In addition, I want the same breakdown filtered on each response keyword.

I'm close (please see the attached screenshots), but I want it to match the format I outlined above.

Any help would be greatly appreciated!

config
config.png324×1250 35.4 KB
data_table
data_table.png1385×454 16 KB
option

2

One possible solution would be to use a scripted field to determine if it's an event you want to include and sum them.

Example scripted field:

if (doc['response.keyword'].value.startsWith('2')) {
  return 1;
}

You can add this from the Index Pattern detail page.

52
Screenshot 2018-06-04 13.57.52.png1343×828 49.6 KB

2 Likes
3

Thank you! That works perfectly. Looks like I've got to learn Painless.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.